Tag: data breach

By Alex Hern for The Guardian 

Facebook has started the process of notifying the approximately 87 million users whose data was harvested by the election consultancy Cambridge Analytica.

The social network eventually hopes to inform every user who was affected with a warning at the top of their Facebook news feed. For now, however, individuals can check by going to a new help page on the site or searching for “How can I tell if my info was shared with Cambridge Analytica?” in Facebook’s help centre.

Most users will see a message saying that “neither you nor your friends logged into ‘This Is Your Digital Life’”, the personality quiz that Cambridge Analytica used to gather its data.

Around 87 million individuals, including more than 1 million people in the UK, will receive a different response saying “a friend of yours did log in”.

That means that their public profile, page likes, birthday and current city were likely shared with the company, as well as potentially the contents of their news feed at the time.

Around 300,000 people – including 53 people in Australia, 10 people in New Zealand, and an unknown number of users in the UK – will receive a message informing them that they installed the This Is Your Digital Life app.

This means they almost certainly handed over the personal information of all their Facebook friends at the time, as well as formed part of the core group for the psychometric profiling that Cambridge Analytica carried out during the US election campaign.

Facebook has promised widespread changes to its platform to prevent further “abuse” of the sort it attributes to Cambridge Analytica. “These actions would prevent any app like [This Is Your Digital Life] from being able to access so much data today,” the company said in March.

By Eric Johnson for Recode 

Starting with its very first episode, the HBO TV series “Silicon Valley” satirized the idea that tech entrepreneurs were “making the world a better place.” But Yelp CEO Jeremy Stoppelman said people in his industry really believe that – or, at least, they used to.

“That’s something that I would say most people in Silicon Valley would like to believe,” Stoppelman said on the latest episode of Recode Decode.

“I think we’re waking up to realize a lot of big companies, presumably under pressure to grow and satisfy Wall Street, are focusing more on growth and making money than sticking to some core set of values that are aspirational.”

Stoppelman said the ongoing crisis of techlash is a reflection of some leaders’ inability or unwillingness to commit to corporate values early in their businesses’ existence, although he agreed with Apple CEO Tim Cook that “not all companies are created equal” in that regard.

“In some ways, Silicon Valley as a whole has lost its purpose,” Stoppelman said. “If its purpose really was, ‘Hey, we’re really trying to have a positive impact,’ just focusing on technology and growth might not be enough. You might actually have to make decisions that hurt growth.”

On the new podcast, Stoppelman also talked about Yelp’s years-long feud with Google. Yelp contends that Google has unfairly favored its own local listings in search results, something Stoppelman said the Google of the past would have criticized.

“The 2004 Google — the Larry Page-Sergey [Brin] Google — would make absolute fun of the search results you see today,” he said. “They pointed at Yahoo and said, ‘Look at Yahoo! They’re trying to trap you in their ecosystem. They don’t want you to get to the best of the web.’”

Scrutiny of big tech, he noted, is one of the few political issues that seems to have bipartisan support in the U.S. right now. But ultimately, despite some welcome regulations in the EU, Stoppelman said Yelp is carrying on with the assumption that the status quo is not about to be upended stateside.

“Obviously, we live in reality, and the government is not the speediest at dealing with these situations,” he said. “So we just find our way.”

What does Facebook know about you?

Source: By Andrew Griffin for The Independent 

As attention turns to Facebook’s use of data, many of its users are wondering how they can avoid being manipulated by the site.

Some are urging users to boycott the site entirely. Those voices include the co-creator of WhatsApp, who sold the app to Facebook for billions but has since called for people to delete it.

Others, however, say that they can’t leave Facebook, since they need it for talking to people or keeping up with their communities. It might not even be possible to really leave, anyway – the internet expects you to keep using Facebook, and the site is able to learn about people’s data even if they’ve never actually used it.

The site does, however, give people relatively easy ways to find out what data is being collected and how. And if they object to that, they can either delete their account or deactivate it, both of which do go some way towards stopping the site learning more about you.

Everything you do on Facebook generates data of some kind. That might be the obvious, explicit ways, like the information people add to their profile about themselves – but it could be much more subtle things, like how long you spend watching a certain video.

Sometimes, the site and developers using it will use quizzes or mini games to make the experience of giving up data more fun. When they’re opened, they don’t only get access to the answers you give, but also request access to people’s data.

In the case of Cambridge Analytica, Facebook says data collected via a quiz app called ThisIsYourDigitalLife, billed as a personality predictor, was passed to the data firm in violation of its terms.

Where can I find details about what apps I’ve given access to?

Visit Facebook’s settings page. On the desktop site, settings is located in the drop-down menu on the right-hand side of the blue header bar.

Click on the apps tab on the left-hand side of the screen to see all the apps you’ve okayed.

Users can see what info is shared with any app, and there are options to delete, limit the information each app can access and remove info collected by the app.

Deleting an app may still allow the developer to retain some of a user’s personal information.

How do my friends impact on apps?

In “Apps Others Use”, Facebook sets out how apps which other people use can read your data. This feature revolves around the social part of Facebook – it’s the tech which means you might be flagged as a fellow reader of a certain book, a brand devotee, or someone who also plays a game.

Click edit and 13 categories are listed, including bio, timeline posts and online status. Any combination can be toggled on and off.

What is Facebook Platform?

If you want to go a step further you can turn off Platform – this is the system which among other things allows you to comment on or log into other websites using your Facebook details.

By turning it off, you lose some functionality but it means your information is not automatically shared as you surf the web.

How to see your Facebook data

In the general section of the settings is an option “download a copy of your Facebook data”. Click on it and Facebook will email you when it’s ready to download.

Facebook says most of this data is already available in your account and activity log, but it also includes information on ads you have clicked on and the IP addresses you’ve used.

It will also reveal email addresses previously associated with your account, topics of ads which may be targeted to you and the metadata contained in photos uploaded to Facebook.

How do I deactivate or delete my account?

Facebook talks people through both deactivating and deleting their account in Settings > General > Manage Your Account.

Deactivating allows you to log back in in the future and have your Facebook profile completely restored. While your account is deactivated, people won’t be able to search for you or see your page, but the info is retained.

To permanently delete your Facebook account, visit the account deletion page to start the process. It may take up to 90 days to delete all the things you’ve posted, says Facebook.

Fin24 recently published an article with the headline: “Massive Afrihost security flaw exposed”.
The article stated that “a massive security flaw” left the ADSL credentials of users vulnerable. The situation was brought to light by a Durban software expert, Taylor Gibb, who recently posted on Facebook that “Afrihost staff had been able to provide ADSL account credentials to users over the phone, leaving information at risk”.

Afrihost has released the following statement:

1. There was no breach of data at any time

No databases, personal information, payment information or account details have been breached or hacked in any way. The article is based on hypothetical scenarios conceived by the author of the article, who was never (at any time) in possession of the data mentioned.

2. Our clients are not at risk

Since no data was actually obtained, our clients are not at risk at all. We have also now ensured that consultants cannot view encrypted data, so there is no risk to clients whatsoever (based on the scenario in this article).

3. Passwords were never stored in plain text

The writer makes several assumptions regarding the state of personal data, such as passwords being stored in plain text, which are inaccurate. Passwords are encrypted.

4. The information relates ONLY to ADSL usernames and passwords

No payment information, personal information or ClientZone user login information were ever at risk. At absolute worst, the information in question could only be used to login to an ADSL account (and one that allows concurrent logins). Any client could still view their ADSL sessions via their ClientZone and request any unknown numbers be blocked from accessing their account. There would be zero possibility that these details could ever lead to obtaining payment or personal information.

5. Our team of staff are trustworthy

The article only refers to scenarios where a staff member of Afrihost could access vulnerable information. Our staff have no motivation to steal data from our clients, as they receive free internet for both fixed line (DSL or Fibre) and Mobile Data. In many cases, our staff give out their personal accounts to help our clients test their connectivity. While we did trust our staff with access to passwords – this ability has since been removed – this was always subject to identity verification. However, we have removed this feature for our clients’ peace of mind and will find new ways to ensure that our clients enjoy the same level of convenience when interacting with our consultants.

We’ve always had to balance our need for increased security and safeguards with our clients’ convenience. Changes to our security are in ongoing development at all times, and we had planned to devise a convenient way to roll these out with minimal impact to our clients.

As mentioned, no data was breached, no personal information was compromised and not a single client was adversely affected in any way.

Yahoo triples likely scope of hack to 3bn

Yahoo, the Internet company acquired by Verizon Communications this year, now believes a 2013 security breach exposed all 3 billion of its users at the time.

The assessment, based on new intelligence obtained after the $4.5bn acquisition, compares with Yahoo’s initial estimate that 1 billion accounts were compromised.

The information stolen didn’t include passwords in clear text, payment data or bank accounts. Yahoo is notifying users.

Verizon, which is combining Yahoo with its AOL business to attract more internet advertising, had negotiated a $350m price cut on the deal after Yahoo disclosed the 2013 breach and a subsequent hack in 2014.

Verizon and Altaba, the former owner of the Yahoo Internet assets Verizon acquired, agreed earlier this year to split evenly the liability costs of consumer and business lawsuits related to the breach.

Altaba also has to cover any shareholder liability costs.

While the attacks exposed user accounts and threatened Yahoo’s trust with consumers, most users have already moved on, said Jan Dawson, an analyst at Jackdaw Capital.

“Certainly this makes the hack look worse than Verizon and the rest of us thought, but I don’t know that that materially changes the valuation of Yahoo as a company or the ongoing cost of dealing with the hack,” Dawson said.

Verizon, based in New York, and Altaba, based in Sunnyvale, California, were little changed in late trading.

The Senate Commerce Committee will call on representatives of Yahoo to testify about recent breaches, whether there are steps they should have taken earlier and whether there is potentially more bad news to come, John Thune, the panel’s chairperson, said on Tuesday in a statement.

The committee is also calling representatives of Equifax, the consumer credit agency involved in a data breach that compromised information on 145.5 million US consumers. The date and witness list will be announced later this month.

Yahoo has said it wasn’t able to identify who was responsible for the 2013 breach, though the US government has accused Russia of directing the 2014 hack. The 2013 intrusion was discovered by Andrew Komarov, chief intelligence officer for InfoArmor, who had been tracking a prolific Eastern European hacker group that he spotted offering 1 billion Yahoo accounts for $300 000 in a private sale.

By watching the group’s communications, he was able to determine that it sold the database three times. Two buyers were large spamming groups.

The third buyer provided a list of 10 names of US and foreign government officials and business executives to verify that their logins were part of the database, Komarov said.

The unusual request, Komarov said, indicated that the buyer might be linked to a foreign intelligence agency.

By Scott Moritz for Fin24

Beware the data breach

South African organisations need to prioritise the protection of confidential information or face putting their businesses at risk of hefty financial penalties, irrevocable reputational damage, and even legal repercussions, a leading information security company has warned.

With the average data breach costing South African businesses R28.6 million each year, Shred-it South Africa said organisations cannot afford to ignore the importance of implementing robust information security policies and practices. The loss of confidential information can also impact customer confidence and may also put businesses at risk of legal action.

“Many South African businesses are not aware of the costly impact that a data security breach can have, both in terms of lost business and non-compliance fines. It’s more than a financial risk; damage to a hard earned reputation is time-intensive and costly to repair. Prevention is always better than a cure, and I urge organisations in South Africa to make sure information security is top of the business agenda,” says Tony Fitzpatrick, country manager at Shred-it South Africa.

Businesses also need to be aware of the legal requirements when it comes to protecting confidential information. According to Shred-it’s Security Tracker Survey, only 37% of SMEs understand the implications the forthcoming enforcement of the Protection of Personal Information (POPI) Act will have on their business compared to 70% of C-Suite Executives. However, the enforcement of POPI will hold all businesses accountable should they abuse or compromise personal information in any way. Organisations could face substantial financial penalties of up to R10 million, or a prison sentence of up to 10 years could be imposed should an entity be in breach of the legislation.

“The clock is ticking for businesses when it comes to being properly prepared to meet the terms of the POPI Act. When the POPI Act comes into full effect, it is crucial that all businesses adhere to the outlined requirements of the legislation when collecting, processing, storing and sharing another entity’s personal information. Businesses should note that the POPI Act is more than a compliance checkbox exercise; it is ultimately for the benefit of business, by ensuring that all information is securely protected so that organisations can build trust with their customers, employees and partners,” Fitzpatrick concludes.

Shred-it, which helps businesses in South Africa to improve their information security practices and protect their workplaces against the damage caused by data breaches, has issued the following five tips to help organisations put information security at the forefront of business planning:

• Schedule regular information security audits to identify problem areas where confidential information could go astray, e.g. printer stations and meeting rooms. Put measures in place to ensure that documents are securely disposed of, e.g. reminding staff to keep documents secure and store them in locked consoles or containers when they are no longer needed, ready for secure disposal.

• Introduce a Shred-it all Policy, which means all documents are destroyed prior to disposal. This means employees do not need to make a decision as to what is or is not confidential when disposing of paperwork. The decision to use the recycling bin or shredding container is often left to chance or convenience where both options are available. In practice, when outsourcing to a secure destruction provider such as Shred-it, all shredded paper is recycled, keeping you secure and protecting the environment at the same time.

• A clean desk is one of the simplest yet most effective safeguards that can significantly reduce the risk of a data breach. A formal Clean Desk Policy directs employees to put away all paper documents and lock all electronic equipment when leaving workstations, so confidential information is not at risk of falling into the wrong hands or left vulnerable to ‘visual hacking’ from unauthorised prying eyes.

• Ensure employees are informed about the risks associated with data protection breaches and are well trained on which documents they should consider shredding as well as how to dispose of electronic data.

• Work with a reputable professional information destruction company that not only has a secure shredding process but can offer guidance and help with implementing robust information security practices.

Big hotel chains suffer data hacks

Travellers who visited one of Donald Trump’s Las Vegas hotels between 19 May and 2 June earlier this year may have had their payment information stolen by hackers, the company that runs the properties said in a statement to customers. It appears to be the first confirmation from Trump Hotel Collection that information taken in a breach at the international hotel chain – suspected to have taken place in New York, Chicago, Los Angeles, Honolulu, Las Vegas and Miami – is being used against customers.

My Office News Ⓒ 2017 - Designed by A Collective

